Kroll has uncovered a sophisticated cyberattack leveraging vulnerabilities in ConnectWise ScreenConnect software to deploy a variant of the BabyShark malware dubbed ToddlerShark. This targeted campaign exploits ScreenConnect flaws in the remote access tool to gain unauthorized access and deliver the malicious payload. Diving into details The North Korean APT group Kimsuky is reportedly exploiting ScreenConnect […]
CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG Pierluigi Paganini March 06, 2024 U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Pixel and Sunhillo SureLine vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: […]
92% of companies had experienced a breach in the prior year due to vulnerabilities of applications developed in-house, according to Checkmarx. AppSec managers and developers share application security duties In recent years the responsibility for application security has shifted away from dedicated security teams and is now shared between AppSec managers and developers. 49% of […]
Recently, Ubuntu has rolled out security updates addressing several Linux kernel vulnerabilities in Ubuntu 18.04. In this article, we will delve into the specifics of these vulnerabilities, along with their impact and mitigation measures. New Ubuntu 18.04 Security Updates CVE-2023-51780 (Cvss 3 Severity Score: 7.0 High) A use-after-free vulnerability was found in the Linux kernel […]
Recently, Ubuntu has rolled out security updates addressing several Linux kernel vulnerabilities in Ubuntu 18.04. In this article, we will delve into the specifics of these vulnerabilities, along with their impact and mitigation measures. New Ubuntu 18.04 Security Updates CVE-2023-51780 (Cvss 3 Severity Score: 7.0 High) A use-after-free vulnerability was found in the Linux kernel […]
The North Korean hacking group Kimsuky is using newly disclosed ScreenConnect vulnerabilities to deploy a polymorphic malware variant called ToddleShark for espionage and data theft.
The JetBrains TeamCity On-Premises CI/CD solution has been found to have two critical vulnerabilities (CVE-2024-27198 and CVE-2024-27199) that can allow remote attackers to take control of the server and modify system settings without authentication.
Mar 05, 2024NewsroomVulnerability / Network Security A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact […]
CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog Pierluigi Paganini March 01, 2024 U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft Streaming Service vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2023-29360 (CVSS Score 8.4) Microsoft Streaming Service Untrusted pointer dereference vulnerability […]